Affected by GO-2022-0704 and 16 other vulnerabilities

GO-2022-0704: Unauthenticated users can exploit an enumeration vulnerability in Harbor (CVE-2019-19030) in github.com/goharbor/harbor

GO-2022-0785: "catalog's registry v2 api exposed on unauthenticated path in Harbor" in github.com/goharbor/harbor

GO-2022-0818: Missing Authorization in Harbor in github.com/goharbor/harbor

GO-2022-0853: SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor

GO-2022-0863: Privilege Escalation in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor

GO-2022-0865: Authenticated users can exploit an enumeration vulnerability in Harbor in github.com/goharbor/harbor

GO-2022-0876: Cross-site Request Forgery (CSRF) in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor

GO-2022-0883: SQL Injection in Cloud Native Computing Foundation Harbor in github.com/goharbor/harbor

GO-2023-2109: Harbor timing attack risk in github.com/goharbor/harbor

GO-2024-2915: Open Redirect URL in Harbor in github.com/goharbor/harbor

GO-2024-2916: SQL Injection in Harbor scan log API in github.com/goharbor/harbor

GO-2024-3013: Harbor fails to validate the user permissions when updating project configurations in github.com/goharbor/harbor

GO-2025-3825: Harbor repository description page has Cross-site Scripting vulnerability in github.com/goharbor/harbor

GO-2025-3826: Possible ORM Leak Vulnerability in the Harbor in github.com/goharbor/harbor

authcontext

package

v1.7.2 Latest Latest Go to latest Published: Jan 25, 2019 License: Apache-2.0 Imports: 12 Imported by: 80

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/goharbor/harbor

Links

Documentation ¶

Index ¶

Constants
type AuthContext
- func GetAuthCtx(client *http.Client, url, token string) (*AuthContext, error)
- func Login(client *http.Client, url, username, password, token string) (*AuthContext, error)

Constants ¶

View Source

const (
	// AuthTokenHeader is the key of auth token header
	AuthTokenHeader = "x-xenon-auth-token"
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AuthContext ¶

type AuthContext struct {
	PrincipalID string     `json:"id"`
	Name        string     `json:"name"`
	Email       string     `json:"email"`
	Roles       []string   `json:"roles"`
	Projects    []*project `json:"projects"`
}

AuthContext ...

func GetAuthCtx ¶

func GetAuthCtx(client *http.Client, url, token string) (*AuthContext, error)

GetAuthCtx returns the auth context of the current user

func Login(client *http.Client, url, username, password, token string) (*AuthContext, error)

Login with credential and returns auth context and error

func (*AuthContext) GetMyProjects ¶

func (a *AuthContext) GetMyProjects() []*models.Project

GetMyProjects returns all projects which the user is a member of

func (*AuthContext) GetProjectRoles ¶

func (a *AuthContext) GetProjectRoles(projectIDOrName interface{}) []int

GetProjectRoles ...

func (*AuthContext) IsSysAdmin ¶

func (a *AuthContext) IsSysAdmin() bool

IsSysAdmin ...

Source Files ¶

View all Source files

authcontext.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL